Fine against hospital
After a fine was imposed on a hospital in Portugal, a case has now become known in the Czech Republic.
Due to poor technical implementation, the Czech authorities imposed a fine of CZK 40,000 (approx. € 1550).
In response to a patient complaint, the Czech data protection authority initiated an investigation against the hospital in the city of Tábor. The complainant stated that electronic patient records could be viewed and altered by unauthorized persons. The DPA therefore focused on this aspect and found that the access logs produced for each medical record were incomplete. Because the logs are incomplete, it is not clear who accessed a medical record. A change log does not exist either. It was also found that, with the exception of those of psychiatric patients, every doctor can access all medical records. That's why a reliable access log is essential.
Due to the deficiencies found, the authority imposed the fine. The hospital accepted the penalty.
Once again it shows that the technical protection of data processing is essential. Countless fines have already been imposed because the measures taken were inadequate. Since GDPR requires state-of-the-art processing, regular reviews are necessary.
In order to optimally protect personal data, even small and medium-sized businesses need a powerful but easy-to-use firewall. Our easyGDPR privacy and data protection package provides the right device with the Sophos Next-Generation Firewall.
Source: Czech Data Protection Authority
Type of Issue:
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
32. Security of processing
9. Processing of special categories of personal data